Add CryptoApi.pinCurrentUserIdentity and UserIdentity.needsUserApproval (#4415)

* Implement `UserVerificationStatus.needsUserApproval` Expose the `identityNeedsUserApproval` flag from the rust crypto crate. * Add CryptoApi.pinCurrentUserIdentity Expose `pinCurrentMasterKey` from the rust crypto api. * Test data: add second cross-signing key for Bob * Add tests for verification status
2025-08-07 23:02:56 +03:00 · 2024-09-24 17:38:18 +01:00
parent d0890d9450
commit 1a8ea3d685
7 changed files with 223 additions and 16 deletions
--- a/src/crypto-api/index.ts
+++ b/src/crypto-api/index.ts
@@ -197,6 +197,16 @@ export interface CryptoApi {
     */
    getUserVerificationStatus(userId: string): Promise<UserVerificationStatus>;

+    /**
+     * "Pin" the current identity of the given user, accepting it as genuine.
+     *
+     * This is useful if the user has changed identity since we first saw them (leading to
+     * {@link UserVerificationStatus.needsUserApproval}), and we are now accepting their new identity.
+     *
+     * Throws an error if called on our own user ID, or on a user ID that we don't have an identity for.
+     */
+    pinCurrentUserIdentity(userId: string): Promise<void>;
+
    /**
     * Get the verification status of a given device.
     *
@@ -707,11 +717,29 @@ export interface BootstrapCrossSigningOpts {
 * Represents the ways in which we trust a user
 */
 export class UserVerificationStatus {
+    /**
+     * Indicates if the identity has changed in a way that needs user approval.
+     *
+     * This happens if the identity has changed since we first saw it, *unless* the new identity has also been verified
+     * by our user (eg via an interactive verification).
+     *
+     * To rectify this, either:
+     *
+     *  * Conduct a verification of the new identity via {@link CryptoApi.requestVerificationDM}.
+     *  * Pin the new identity, via {@link CryptoApi.pinCurrentUserIdentity}.
+     *
+     * @returns true if the identity has changed in a way that needs user approval.
+     */
+    public readonly needsUserApproval: boolean;
+
    public constructor(
        private readonly crossSigningVerified: boolean,
        private readonly crossSigningVerifiedBefore: boolean,
        private readonly tofu: boolean,
-    ) {}
+        needsUserApproval: boolean = false,
+    ) {
+        this.needsUserApproval = needsUserApproval;
+    }

    /**
     * @returns true if this user is verified via any means
@@ -737,6 +765,8 @@ export class UserVerificationStatus {

    /**
     * @returns true if this user's key is trusted on first use
+     *
+     * @deprecated No longer supported, with the Rust crypto stack.
     */
    public isTofu(): boolean {
        return this.tofu;
--- a/src/crypto/index.ts
+++ b/src/crypto/index.ts
@@ -1609,6 +1609,13 @@ export class Crypto extends TypedEventEmitter<CryptoEvent, CryptoEventHandlerMap
        return this.checkUserTrust(userId);
    }

+    /**
+     * Implementation of {@link Crypto.CryptoApi.pinCurrentUserIdentity}.
+     */
+    public async pinCurrentUserIdentity(userId: string): Promise<void> {
+        throw new Error("not implemented");
+    }
+
    /**
     * Check whether a given device is trusted.
     *
--- a/src/rust-crypto/rust-crypto.ts
+++ b/src/rust-crypto/rust-crypto.ts
@@ -654,9 +654,31 @@ export class RustCrypto extends TypedEventEmitter<RustCryptoEvents, RustCryptoEv
        if (userIdentity === undefined) {
            return new UserVerificationStatus(false, false, false);
        }
+
        const verified = userIdentity.isVerified();
+        const wasVerified = userIdentity.wasPreviouslyVerified();
+        const needsUserApproval =
+            userIdentity instanceof RustSdkCryptoJs.UserIdentity ? userIdentity.identityNeedsUserApproval() : false;
        userIdentity.free();
-        return new UserVerificationStatus(verified, false, false);
+        return new UserVerificationStatus(verified, wasVerified, false, needsUserApproval);
+    }
+
+    /**
+     * Implementation of {@link CryptoApi#pinCurrentUserIdentity}.
+     */
+    public async pinCurrentUserIdentity(userId: string): Promise<void> {
+        const userIdentity: RustSdkCryptoJs.UserIdentity | RustSdkCryptoJs.OwnUserIdentity | undefined =
+            await this.getOlmMachineOrThrow().getIdentity(new RustSdkCryptoJs.UserId(userId));
+
+        if (userIdentity === undefined) {
+            throw new Error("Cannot pin identity of unknown user");
+        }
+
+        if (userIdentity instanceof RustSdkCryptoJs.OwnUserIdentity) {
+            throw new Error("Cannot pin identity of own user");
+        }
+
+        await userIdentity.pinCurrentMasterKey();
    }

    /**